WHAT A HACK

Change Gmail and Outlook password using ‘phrase rule’ right now as experts warn most log-ins can be guessed in an hour

The majority of leaked passwords can be guessed in under an hour - so how can users protect their accounts?

HACKERS can unscramble passwords with shocking accuracy, but there are easy steps users can take to be more secure.

Computer security experts at Kaspersky studied passwords leaked onto the dark web and discovered that a majority could be cracked in mere hours.


Researchers found that 45% of the 193 million passwords they analyzed - a whopping 87 million - were decoded by their algorithm in less than a minute.

Moreover, 59% could be figured out in under an hour and 67% within a month. Just 23% of passwords would take more than a year to crack.

The experts tested password strength using two methods: brute force attacks and smart-guessing algorithms.

Brute force, the strategy used by most hackers, cycles through all possible combinations of letters, numbers and symbols to find a match and gain unauthorized access to an account.


Meanwhile, smart guessing algorithms train on a password dataset to calculate the frequency of character mashups and make selections beginning with the most common combinations.
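
The gap between the two methods can be seen from the defender's side with a password-strength check that scores a password both ways. This is an added example, not code from Kaspersky or from the article; the training list, the character-pair model, the smoothing constant and every function name are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample standing in for a leaked-password training set (assumption).
TRAINING = ["password", "password1", "password123", "qwerty123", "letmein",
            "iloveyou", "sunshine1", "dragon123", "welcome1", "monkey12"]
ALPHABET = 95     # printable ASCII symbols the model may emit
SMOOTHING = 0.1   # pseudo-count for character pairs never seen in training
START = "\x00"    # marker for "beginning of password"

def brute_force_bits(pw):
    """Bits of search space if every character class present is tried exhaustively."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(not c.isalnum() for c in pw): size += 33
    return len(pw) * math.log2(size or ALPHABET) if pw else 0.0

def train(passwords):
    """Count how often each character follows the previous one."""
    counts = defaultdict(Counter)
    for pw in passwords:
        for prev, cur in zip(START + pw, pw):
            counts[prev][cur] += 1
    return counts

def model_bits(pw, counts):
    """Cost in bits of pw under the frequency model; common pairs are cheap."""
    bits = 0.0
    for prev, cur in zip(START + pw, pw):
        seen = counts.get(prev, Counter())
        p = (seen[cur] + SMOOTHING) / (sum(seen.values()) + SMOOTHING * ALPHABET)
        bits -= math.log2(p)
    return bits

def is_predictable(pw, counts, ratio=0.5):
    """Flag a password whose model cost is below `ratio` of its brute-force estimate."""
    return model_bits(pw, counts) < ratio * brute_force_bits(pw)

if __name__ == "__main__":
    model = train(TRAINING)
    for pw in ("password123", "x7#Qv!m2Lk$"):
        print(f"{pw!r}: brute force {brute_force_bits(pw):.1f} bits, "
              f"model {model_bits(pw, model):.1f} bits, "
              f"predictable={is_predictable(pw, model)}")
```

A password built from familiar sequences looks long to an exhaustive search but costs the frequency model less than half as many bits, which is why it falls so much sooner.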

Luckily, experts say there are steps people can take to safeguard their data - and it often begins with knowing what not to do.

Kaspersky says using meaningful words, names, and standard character sequences makes your password easier to guess.

The least secure password would consist entirely of numbers or words.

Instead, users should rely on mnemonic passphrases – this means a string of words that creates a memorable sentence.

Substituting numbers and symbols for letters within the phrase will make it even less predictable.


Reusing passwords across different sites is strongly discouraged. Not all companies store information securely, meaning a data breach on one site could compromise your accounts across platforms.

John Hammond, a cybersecurity expert, shared several other helpful tips.

Hammond himself examines passwords and data leaked onto the dark web, the "hidden" part of the Internet accessible only through a browser known as The Onion Router.

"I know it's a broken record, but it's because it's the right answer," Hammond told The U.S. Sun.


"Have long, complex passwords. Don't use the same password for every service."

Hammond recommends using a digital password manager to keep data in a safe and secure place.

He also stressed the importance of two-factor authentication, which requires that a user prove their identity in two different ways before gaining access to an account. This may entail sending a passcode to your phone or email address.

"In today's day and age, a lot of the applications like Duo or Google Authenticator or Microsoft Authenticator are ideal," Hammond said, adding that multi-factor authentication provides even more security checkpoints.



Password cracking results

Security experts at Kaspersky analyzed millions of passwords on the dark web and determined how long they took to crack using two methods.

Brute force

Under a minute: 10%
1 minute to 1 hour: 10%
1 hour to 1 day: 6%
1 day to 1 month: 9%
1 month to 1 year: 10%
Over 1 year: 55%

Smart guessing

Under a minute: 45%
1 minute to 1 hour: 14%
1 hour to 1 day: 8%
1 day to 1 month: 6%
1 month to 1 year: 4%
Over 1 year: 23%

The security expert says a secure account will require that a user show three pieces of information before being given access.

"The pedestals for authentication are something that you know, which is traditionally a password; something that you have, which is traditionally your phone for the multi-factor key; and then something you are, like using your biometric fingerprint," he said.
